localStorage bug allows sites to fill up hard disk / crash Safari

Number:rdar://13311988 Date Originated:Feb 27, 2013
Status:Openn Resolved:
Product:Safari Product Version:6.0.2 (8536.26.17)
Classification: Reproducible:Always

Using multiple subdomains with localStorage, ala 1.filldisk.com, 2.filldisk.com, 3.filldisk.com, and so on allows a single domain to use effectively unlimited space on the user's hard disk. Also, Safari seems to crash when the amount of data stored is equal to the amount of RAM the user has.

Steps to Reproduce:

1. Visit http://filldisk.com
2. Safari crashes after amount stored into localStorage equals the amount of RAM the user has.
3. Or, even if Safari doesn't crash, it's still really bad that sites can fill up your hard disk.

Expected Results:

The spec (http://www.w3.org/TR/webstorage/) suggests this:

"User agents should guard against sites storing data under the origins other affiliated sites, e.g. storing up to the limit in a1.example.com, a2.example.com, a3.example.com, etc, circumventing the main example.com storage limit. A mostly arbitrary limit of five megabytes per origin is recommended."

Actual Results:

A single domain is allowed to fill up the user's hard disk / crash Safari.


Other browsers tested:
  Chrome 25: Fail
  Firefox 18: Pass
  IE 10: Fail




By 1billgarrison at Feb. 28, 2013, 7:29 p.m. (reply...)

This should be fixed immediately

By jmstone617 at Feb. 28, 2013, 5 p.m. (reply...)

But please do not fix it the way that Firefox handles it. Their implementation makes LocalStorage essentially unusable for sites that use subdomains: wikipedia, github, wordpress, stackexchange, wikia, etc. See https://bugzilla.mozilla.org/show_bug.cgi?id=1064466.

Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!